“WTOP.com is currently dealing with a malicious cyber attack,” the statement said. “We are working diligently to contain and stop the attack, and apologize for any inconvenience this has caused.”
John Meyer, director of digital media for both stations, said the virus affected some people who visited the site using Internet Explorer. To prevent the attack from spreading, the radio stations blocked those users from accessing the stations’ Web sites and linked to a statement explaining the attack.
WTOP and Federal News radio did not say how many people were affected or when the hack was detected.
Eddie Mitchell, a security engineer at the Fairfax-based security company Invincea, said hacks like this one are particularly difficult to detect. Other attacks that might attempt to lure users to fraudulent Web sites can be easily avoided with common security software. But by targeting a site that people trust and visit habitually, he said, hackers have a better chance of getting through those filters.
“These attacks are so devastating because the attackers are compromising legitimate Web sites,” said Mitchell, who does not work for the stations.
According to Mitchell, the attacks on WTOP and Federal News Radio Web sites installed two types of malware. The first is a fake antivirus software, which identifies false threats and collects users’ credit card information when they try to “subscribe” to a program to clean their computers.
The second is a type of software that connects users’ computers to a larger network that hackers can control and use to increase the number of “clicks” on digital advertisements that make them money.
WTOP and Federal News radio did not comment on Mitchell’s assessment.
Those who think they have been affected by the attack should scan their computers for infections using legitimate anti-virus software, the stations’ statement said. “WTOP is still in the process of performing a thorough analysis to ensure our systems are free of malicious content,” the statement said.
Mitchell said the attacks appeared to have been motivated by financial gain, in contrast to recent breaches of other media sites such as the Associated Press, which were aimed at getting publicity for the perpetrators. In that instance, hackers successfully gained access to the news service’s Twitter account to send a false message about a bombing at the White House, which briefly sent the stock market into a free fall.
Both radio stations are owned by Hubbard Radio.